Full Disclosure mailing list archives
Re: Firewire Attack on Windows Vista
From: Tim <tim-security () sentinelchicken org>
Date: Sat, 8 Mar 2008 10:32:33 -0800
Hi Larry,
- use drive encryption, use 2-factor authentication, use hibernate instead of sleep, use group policy to enforce them.
Uh... yeah. So how again does drive encryption help you against this attack? Certain forms of 2-factor auth might help you, but all of the kinds I've seen would still rely on encryption keys in memory to encrypt any sensitive data on the drive, not to mention the fact that writing to memory would still bypass that auth. The funniest is using hibernate... Did you perchance read: http://www.eff.org/press/archives/2008/02/21-0 ?? Once again MS treats a security issue as a PR issue.
The fact that you can turn off DMA on Linux seems in fact inferior to simply disabling the Firewire port and driver at run-time in Windows. They both suck as solutions.
How exactly is the Linux solution inferior? Not just trying to defend Linux and attack Windows here, but really I don't see how this statement is true, so you must not understand how it works. By disabling DMA, you're just disabling it for that one driver, not all drivers. In addition, you can load/unload driver modules at run-time typically.
Incidentally, Microsoft made a few other points in their response that were interesting, but raised more questions than they answered: * it's possible for a user to disable 1394 DMA. I'm still looking into how you can do this.
That would be interesting to find out. Please do tell if you figure out how this can be done.
* it's possible for a user to "constrain a DMA device's memory access to specific ranges by using the physical DMA type." They say that some devices cannot be so restricted at all, and for others the restriction would only come at the cost of additional complexity and a performance hit, as I allude to above. I assume these considerations are generic to the hardware and not specific to Windows.
Ok, so they concede it is possible to limit the DMA accesses to specific (safe) ranges. I wonder which devices cannot be restricted...
How much should the average user worry about this? Not very much.
Yeah, I agree it's probably not a big risk right now. That may change over time though, as more and more small devices become very programmable. You can already hack Linux onto your iPod, which makes a great cover for casually compromizing machines in an office environment. The number of small devices which would normally seem benign to end users, but are capable of being quite evil, will only increas over time. Good luck with your article, tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Firewire Attack on Windows Vista, (continued)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 06)
- Re: Firewire Attack on Windows Vista Tim (Mar 06)
- Message not available
- Re: Firewire Attack on Windows Vista Tim (Mar 06)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 07)
- Re: Firewire Attack on Windows Vista Thor (Hammer of God) (Mar 07)
- Re: Firewire Attack on Windows Vista Bryon Roche (Mar 07)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
- Re: Firewire Attack on Windows Vista Tim (Mar 08)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 08)
- Re: Firewire Attack on Windows Vista Tim (Mar 08)
- Message not available
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 09)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 09)
- Re: Firewire Attack on Windows Vista Larry Seltzer (Mar 09)
- Re: Firewire Attack on Windows Vista Jardel Weyrich (Mar 09)
- Re: Firewire Attack on Windows Vista Kern (Mar 10)
- Re: Firewire Attack on Windows Vista Stefan Kanthak (Mar 10)
- Re: Firewire Attack on Windows Vista FD (Mar 12)
- Re: Firewire Attack on Windows Vista Eric Rachner (Mar 12)